CVE-2015-2750

Published: Sep 13, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-3200

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20150326 Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

mailing-list

x_refsource_MLIST

http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93

x_refsource_CONFIRM

73219

vdb-entry

x_refsource_BID

http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8

x_refsource_CONFIRM

https://www.drupal.org/SA-CORE-2015-001

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-2750

Description

Affected Products

References